ALERT: CryptoWall 3.0 ransomware. Backup or pay BIG!

Since 2012 a very sophisticated new form of ransom-ware has been infecting millions of Windows computers. CryptoWall, Cryptorbit, and CryptoLocker or Crypto-malware is a Trojan horse that encrypts files on the compromised computer. The malware uses RSA 2048 bit encryption to scramble important data files using public/private key cryptographic technology making the data files unusable. The victim is instructed to pay a hefty ransom fee ranging from $150 to $750 USD using an anonymous bitcoin payment method to purchase the decryption key that will allegedly decrypt the users files. Even if the user pays the ransom, there’s no guarantee that the attacker will provide the decryption key needed to unlock their files.

After the CryptoWall ransomware seemed dormant for several months a more sophisticated new release known as CryptoWall 3.0 appeared this Monday and has already infected thousands of computers.

Can the malware be removed to get the data back?

While it may be possible to remove the virus from the infected computer, it will not unlock the encrypted files.

How does the ransomware get on the computer?

The ransomware is usually disguised as a fake Windows update for applications such as Adobe Reader, Adobe Flash Player or Java. These types of updates often appear as pop-up windows when the victim visits an unsafe website. The malware may also be distributed as a spam email attachment or as a device driver download from a compromised website.

Is an external drive or cloud sync drive safe?

The ransomware looks for important user files on the hard drive and any devices connected to the computer in order to do the most damage. The ransomware also encrypts files located in the computer users sync folders such as Google Drive or DropBox. So external hard drives, thumb drives and even cloud backup solutions are vulnerable to the attack. Always unplug your external backup drives from your computer.

Can the encryption be cracked?

Currently there is no easy way to crack the encryption methods used by the Crypto malware that scrambled the users important data files. Even the most powerful super-computers cannot easily break the encryption. The only known method to attempt breaking the encryption is to brute force (guess) the private key. This is a highly unlikely solution as it would possibily take 6.5 billion years for a desktop computer to make the correct guess, but is the only solution available at this time.

Will the encryption be cracked in the future?

Possibly with the advancement of quantum computing, current forms of encryption will become less secure and possibly exploitable. Only time will tell at this point.

How to not become a victim of Crypto-malware?

The best known method to safe guard your data against cryptographic malware and other types of virus data loss is to have a reliable incremental backup solution in place. An incremental backup system keeps snapshots over time of your data that can be restored in the event of a data disaster. Talk to South City Computer about an incremental backup solution that will work for you.

The folks at Ivanhoe Computer did a great job recovering some photos from an old computer we had. We were sure they were lost. They recovered the photos and loaded them onto our remote hard drive. We could not be happier with our first experience with them!